Category FILE
Started On 2014-07-17 18:49:11
Completed On 2014-07-17 18:52:38
Duration 207 seconds
Cuckoo Version 1.2-dev

Machine machine3
Label winxpmacine3
Manager VirtualBox
Started On 2014-07-17 18:49:12
Shutdown On 2014-07-17 18:52:37

File Details

File name Your-cable-expert--Z-Co-Technology-V3.0.pdf
File size 3676966 bytes
File type PDF document, version 1.3
CRC32 3B8EE97E
MD5 996f0a41caeaadb8d779ab72ba94c519
SHA1 3608c3a260107fae7cf4bd19414b5fd456f7fcbc
SHA256 295dfd33e0c7ed3653ff0f110ae027f0a31fd5426bafb4fa634a9e6cee05682c
SHA512 69a979cc69060eb3e514a79a86d37127d5c3b42c6a818dc55c7a7418296dd9892134f163e503f9aa13fca3d39513939ef8b5593c80264b806874d2a5b157e1bc
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

Signatures

Starts servers listening on 127.0.0.1:0, 0.0.0.0:0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup

Static Analysis

Nothing to display.

Dropped Files

Eula.exe

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Files
Mutexes
  • Global\ARM Update Mutex
  • Global\Acro Update Mutex
  • {100184D2-BDC3-477a-B8D3-65548B67914C}_468
  • _!MSFTHISTORY!_
  • c:!documents and settings!tdw!local settings!temporary internet files!content.ie5!
  • c:!documents and settings!tdw!cookies!
  • c:!documents and settings!tdw!local settings!history!history.ie5!
  • WininetStartupMutex
  • WininetConnectionMutex
  • WininetProxyRegistryMutex
Registry Keys

Processes

AcroRd32.exe PID: 468, Parent PID: 252

Volatility

Nothing to display.